LogoLogo
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome to FundApps' Policy Portal
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan for a 3 year cycle
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
      • Third Party Risk Management
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
      • The FundApps Code for Third Parties
  • Legal Information
    • 📖General Terms
      • Fair Usage Policy
      • Third Party Data Provider Terms
    • DORA
      • Operational Resilience Statement
      • Statement on Contractual Compliance
      • Subcontractors and Service Location
      • Threat-Led Penetration Tests (TLPT) Policy
    • Insurance
    • 🌍Carbon Neutral
  • Policy Change Log
    • March 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • August 2024
    • July 2024
    • June 2024
    • April 2024
    • February 2024
    • January 2024
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • February 2023
    • December 2022
    • October 2022
    • September 2022
    • June 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Objective
  • Scope
  • Policy
  • ISMS Change Management Process
  • Management of nonconformities
  • React to the nonconformity
  • Evaluate the root cause
  • Remediate root cause
  • Determine effectiveness of the remediation
  • Retain evidence

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Continual Improvement Process

Objective

This process aims to allow FundApps to continually improve the suitability, adequacy and effectiveness of the information security management system.

Scope

ISMS Change Management Process

Nonconformities of FundApps' Information Security Management System with ISO 27001:2022.

Policy

ISMS Change Management Process

FundApps ensures that all changes to the Information Security Management System are carried out in a planned manner and controlled in accordance with ISO 27001 Clause 6.3.

To ensure a structured approach to ISMS changes, FundApps follows these key steps:

  1. Identifying & Assessing Changes

  • Changes may be identified through internal reviews, ISMS performance reviews, audits, risk assessments, regulatory updates, or feedback from stakeholders.

  • Each change is assessed for potential impacts on security objectives, risk posture, and existing controls.

  1. Planning & Approval

  • Changes are reviewed and approved by relevant stakeholders before implementation to ensure alignment with security and business objectives.

  1. Implementation & Documentation

  • Approved changes are implemented following a structured approach to minimise security risks and operational disruptions.

  • All changes are documented in accordance with FundApps' record-keeping requirements.

  1. Monitoring & Review

  • The effectiveness of implemented changes is monitored to ensure security objectives are met.

  • Any unintended consequences are reviewed, and corrective actions are taken as necessary.

  1. Control of External Processes

  • Any externally provided processes, products, or services that impact the ISMS are reviewed and controlled to maintain compliance and security integrity.

Management of nonconformities

FundApps shall implement the following process when nonconformities arise:

React to the nonconformity

FundApps shall react to the nonconformity as applicable by taking action to control and correct it and deal with its consequences.

Non-conformities will be logged in Shortcut, a ticketing system.

Non-confirmities can be identified daily through the use of FundApps' compliance monitoring tool, during annual internal audits, during the ISMS performance review and during the annual risk assessment.

Evaluate the root cause

FundApps shall evaluate the need for action to eliminate the causes of the nonconformity to ensure it does not occur again.

To do so FundApps shall:

  • review the nonconformity;

  • determine the cause of the nonconformity; and

  • determine if similar nonconformities exist or could potentially occur.

The remediation action and a deadline will be logged in Shortcut for each non-conformity.

Remediate root cause

FundApps shall implement actions required to address the root cause of the nonconformity.

Once the action has been implemented, the corresponding Shortcut story will be marked as done.

Determine effectiveness of the remediation

FundApps shall review the effectiveness of the remediation actions which have been taken and make further changes to the ISMS if necessary.

Retain evidence

FundApps shall retain evidence of:

  • the nature of the nonconformities and any subsequent action taken, and

  • the result of any remediation actions.

PreviousInternal Audit Plan for a 3 year cycleNextInternal and External Communication Plan

Last updated 1 day ago

Was this helpful?